Usage Cases for Identifying or Authenticating Consumers
When deciding which type of identifier to use to identify a consumer application, consider the following points:
*Whatever identifier you select to identify a consumer application, it must be unique to the application. Identifiers that represent user names are often not suitable because the identified users might submit requests for multiple applications.
*Identifying applications by IP address or host name is often a suitable choice; however, it does create a dependency on the network infrastructure. If a consumer application moves to a new machine, or its IP address changes, you must update the identifiers in the application asset.
*Using X.509 certificates or a custom token that is extracted from the SOAP message itself (using an XPath expression) is often the most trouble-free way to identify a consumer application.
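The uniqueness requirement above can be checked before identifiers are assigned. The following is an added example, not CentraSite code: it audits a constructed inventory of application identifiers and reports any identifier, including overlapping IP ranges, that would match more than one application. The inventory layout, the application names and the case-insensitive comparison of user names are assumptions.

```python
import ipaddress
from itertools import combinations, product

# Constructed sample inventory (hypothetical names and layout, not a
# CentraSite export): application asset -> identifier type -> values.
APPLICATIONS = {
    "billing-app": {"ip": ["10.1.4.0/28"], "username": ["svc-batch"]},
    "orders-app": {"ip": ["10.1.4.10-10.1.4.20"], "cert_dn": ["CN=orders-app,O=Example"]},
    "reports-app": {"ip": ["10.1.9.7"], "username": ["SVC-BATCH"]},
    "portal-app": {"token": ["portal-7f3a"], "cert_dn": ["CN=portal-app,O=Example"]},
}


def ip_span(value):
    """Return (first, last) addresses for a single IP, CIDR block or 'a-b' range."""
    if "-" in value:
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
    else:
        net = ipaddress.ip_network(value.strip(), strict=False)
        first, last = net[0], net[-1]
    if first.version != last.version or first > last:
        raise ValueError(f"invalid IP range: {value!r}")
    return first, last


def normalise(kind, value):
    """Assumption: user names are compared case-insensitively."""
    return value.strip().lower() if kind == "username" else value.strip()


def find_conflicts(apps):
    """List (kind, app_a, app_b, detail) for identifiers shared by two applications."""
    conflicts = []
    for (name_a, ids_a), (name_b, ids_b) in combinations(sorted(apps.items()), 2):
        for kind in sorted(set(ids_a) & set(ids_b)):
            for va, vb in product(ids_a[kind], ids_b[kind]):
                if kind == "ip":
                    (a0, a1), (b0, b1) = ip_span(va), ip_span(vb)
                    clash = a0.version == b0.version and a0 <= b1 and b0 <= a1
                else:
                    clash = normalise(kind, va) == normalise(kind, vb)
                if clash:
                    conflicts.append((kind, name_a, name_b, f"{va} / {vb}"))
    return conflicts


if __name__ == "__main__":
    for kind, a, b, detail in find_conflicts(APPLICATIONS):
        print(f"{kind}: {a} and {b} share {detail}")
```

In the sample, the shared batch user name and the overlapping IP ranges are flagged, while the per-application certificate DNs and the custom token are not.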
The following are some common combinations of actions used to authenticate or identify consumers:
*Scenario 1: Identify consumers by IP address or host name
  *The simplest way to identify consumers is to use the Identify Consumer action and set its Identify User Using parameter to specify either a host name or an IP address (or a range of IP addresses).
*Scenario 2: Authenticate consumers by HTTP authentication token
  Use the following actions:
  *Identify Consumer action and set its Identify User Using parameter to HTTP Authentication Token (to identify consumers using the token derived from the HTTP header).
  *Require HTTP Basic Authentication.
  *Additionally, you can use one or both of the following:
    *Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
    *Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
*Scenario 3: Authenticate consumers by WS-Security authentication token
  Use the following actions:
  *Identify Consumer action, and set its Identify User Using parameter to WS-Security Authentication Token (to identify consumers using the token derived from the WSS Header).
  *Require WSS Username Token action.
  *Additionally, you can use one or both of the following:
    *Authorize User action (to authorize a list of users and groups registered in the Integration Server on which Mediator is running).
    *Authorize Against Registered Consumers action (to authorize consumer applications against all Application assets registered as consumers for a service in CentraSite).
*Scenario 4: Authenticate consumers by WSS X.509 token
  *Identify Consumer action, and set its Identify User Using parameter to Consumer Certificate (to identify consumers using the WSS X.509 token).
  *Require WSS X.509 Token action.
  *Require SSL action.